The best solution is to just not do it. This is something that you shouldn't
even want to do in the first place. It would about half nullify the whole
purpose of the DMZ. The DMZ is supposed to be isolated from the LAN, or
there isn't any point in having it.

The most straightforward way I can think of is to use VPN with the DNS
being a "VPN Client" that dials into a VPN Server that sits at the boundary
between the LAN and DMZ. It is still not a very secure solution, but it is
better than nothing I guess.
Here are links to what might be some other interesting reading:
Active Directory in Networks Segmented by Firewalls
http://www.microsoft.com/windows2000...y/adsegment.asp
303503 - How to Join or Access an Internal Domain from an External Client
Using ISA Server and VPN
http://support.microsoft.com/default...b;en-us;303503
838239 - How to use virtual private networking to join or access an internal
domain from an external client
http://support.microsoft.com/default...b;en-us;838239
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"Dave Turner" wrote in message:
> I'm trying to join a server to a domain from a NATed subnet in a DMZ.
> However, because of the NAT the DNS lookup is resolving to the real IP
> address of the DCs when looking for SRV records. Has anyone got a
> workaround for this that does not require RRAS or ISA Server?
> Thanks
> Dave